In many situations, users have computer systems to which they must have constant access. A typical example is an office computer system that may have important files or sophisticated software running on it. This computer may be part of an office system or network that is not generally accessible outside of the office. However, the user may still want to use this computer when the user is at home or traveling. The solution is a remote access system that allows the user to connect to the office computer from another remote computer over a network, generally the Internet. Once connected, the user can enter keyboard and mouse commands into the remote computer and the commands will be transmitted to, and processed by, the office computer just as if the user had entered the commands into the office computer. Similarly, screen displays generated at the office computer are transmitted to, and reproduced by, the remote computer.
In traditional remote access solutions there are two components: the “host computer” (the computer being accessed) and the “client computer” (the computer used to access the host). The terms “host” and “client” can also be used to refer to the respective components of the remote access software. For example, host software runs on the host computer and client software runs on the client computer. The host software accepts a connection over a network, such as the Internet, from the client software, and after an initial authentication phase, a remote access session begins.
During a remote access session, the client computer can reproduce the screen display generated by the host. The client computer can also relay mouse and keyboard input for execution on the host computer. In addition, the client computer usually provides a user interface for accessing, manipulating and transferring files on the two systems that take part in the session.
In order to operate properly, a remote access system must be able to efficiently transfer information between the client and host computers, and this efficient transfer requires a stable connection. If the client and host computers are directly connected to the network with static network addresses, establishing this stable connection is relatively easy. However, firewalls and NAT (Network Address Translation) routers that change or mask network addresses are becoming increasingly common, and dynamic network addresses are typically assigned to home users who access the Internet. Therefore, setting up a traditional remote access system in which the client computer directly contacts the host computer is not always practical, as the difficulty of the task often exceeds the technical capabilities of the user.
In order to solve this problem, remote access systems introduce a third component, called a “gateway”, that is connected to the network. The gateway is usually a combination of hardware and software that receives incoming connections over the network from both the client computer and the host computer. The gateway is often a server that is connected to the Internet and is typically located in a datacenter that is off-site for both the host computer and the client computer.
In a gateway-based remote access system, the host computer usually initiates a connection to the gateway (for example, when it boots up) and thereafter maintains a constant connection with the gateway. The client computer usually connects to the gateway only when a user action initiates such a connection to begin a remote access session. When the gateway receives a connection request from the client computer, the gateway will authenticate the client computer (called a client “instance”) and determine which host computer (called a host “instance”) the client instance has requested to contact, and which host instances the client instance is allowed to contact. When the requested host instance is identified, the gateway will forward data between the respective client and host instances. In particular, whenever the host instance wishes to send data to the connected client instance, it sends the data to the gateway instead. Similarly, when the client instance wishes to transmit data to the connected host instance, it sends the data to the gateway. In either case, the gateway receives the incoming data and forwards it to the appropriate recipient.
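The gateway's role as the point where authentication and host authorization are enforced before any data is forwarded can be modeled as follows. This is an added example, not code from the original text; the `Gateway` class, its method names, the status strings and the shared-secret scheme are assumptions made for illustration, and sockets are replaced by in-memory inboxes.

```python
import hashlib
import hmac


class Gateway:
    """In-memory model of the relay gateway (no sockets, illustration only)."""

    def __init__(self, client_secrets, acl):
        # Secrets are hashed only so compare_digest sees equal-length inputs.
        self._secrets = {c: hashlib.sha256(s.encode()).digest()
                         for c, s in client_secrets.items()}
        self._acl = acl        # client_id -> set of host_ids it may contact
        self._inbox = {}       # ("host"|"client", id) -> data relayed to it
        self._session = {}     # client_id -> host_id of the active session

    def register_host(self, host_id):
        """Host instance dials out (e.g. at boot) and stays registered."""
        self._inbox[("host", host_id)] = []

    def connect_client(self, client_id, secret, host_id):
        """Authenticate the client instance, then authorize the host request."""
        expected = self._secrets.get(client_id, bytes(32))
        supplied = hashlib.sha256(secret.encode()).digest()
        if not hmac.compare_digest(expected, supplied):
            return "auth_failed"
        # ACL is checked before liveness so a client cannot probe hosts
        # it is not allowed to contact.
        if host_id not in self._acl.get(client_id, set()):
            return "not_allowed"
        if ("host", host_id) not in self._inbox:
            return "host_offline"
        self._session[client_id] = host_id
        self._inbox[("client", client_id)] = []
        return "ok"

    def relay(self, sender_kind, sender_id, client_id, data):
        """Forward data across an established session; refuse anything else."""
        host_id = self._session.get(client_id)
        if host_id is None:
            raise PermissionError("no session")
        if sender_kind == "client" and sender_id == client_id:
            self._inbox[("host", host_id)].append(data)
        elif sender_kind == "host" and sender_id == host_id:
            self._inbox[("client", client_id)].append(data)
        else:
            raise PermissionError("sender is not a party to this session")

    def inbox(self, kind, party_id):
        return list(self._inbox[(kind, party_id)])
```

In a deployed gateway the sender identity passed to `relay` would come from the authenticated connection itself rather than from a caller-supplied argument.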
A gateway solves the problem introduced by firewalls, NAT routers and dynamic network addresses, since neither the client computer nor the host computer attempts to contact the other directly; they both contact the gateway instead. Typically, the gateway is configured so that it is always accessible, usually through a common Internet protocol, such as HTTP or HTTPS. Thus, any computer that is configured to perform simple Internet-related tasks, such as browsing the World Wide Web, can be converted into a host computer and be a remote access target simply by installing and running the remote access host software.
However, there are two drawbacks to this typical prior art approach. First, there is increased data transmission latency. Each data packet traveling between the client computer and the host computer must be routed through the gateway. Since the gateway often is located remotely from both the client and host computers, the extra traveling distance will introduce unwanted delays in packet transit times. Second, the organization responsible for the gateway will incur high bandwidth costs as a large amount of data must travel through their infrastructure. Consequently, it would be beneficial to both the end users operating the client and host computers and the organization providing the gateway if the data flow between the client and host computers could be shifted so it avoids the gateway and travels directly between the client computer and the host computer.